Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/952230-c262-41cc-b956-cfc46a76ec78/1/T5TKjlAxIgi5sdeYoenLah7GnlY.roa
File:                     T5TKjlAxIgi5sdeYoenLah7GnlY.roa (raw, json)
Hash identifier:          NpGInzDZVPNjYivC1m6sc5I/so2WF3w3NWCciifigO8=
Subject key identifier:   4F:94:CA:8E:50:31:22:08:B9:B1:D7:98:A1:E9:CB:6A:1E:C6:9E:56
Certificate issuer:       /CN=374e2729b17369890a1512f643cd08e4ba2ff414
Certificate serial:       019EADCE7EAEA3837460E7DD23B8974474BA
Authority key identifier: 37:4E:27:29:B1:73:69:89:0A:15:12:F6:43:CD:08:E4:BA:2F:F4:14
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N04nKbFzaYkKFRL2Q80I5Lov9BQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/952230-c262-41cc-b956-cfc46a76ec78/1/T5TKjlAxIgi5sdeYoenLah7GnlY.roa
Signing time:             Tue 09 Jun 2026 19:14:11 +0000
ROA not before:           Tue 09 Jun 2026 19:14:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     46475
IP address blocks:        77.243.90.0/24 maxlen: 24
                          178.20.215.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/952230-c262-41cc-b956-cfc46a76ec78/1/N04nKbFzaYkKFRL2Q80I5Lov9BQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/952230-c262-41cc-b956-cfc46a76ec78/1/N04nKbFzaYkKFRL2Q80I5Lov9BQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/N04nKbFzaYkKFRL2Q80I5Lov9BQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:ad:ce:7e:ae:a3:83:74:60:e7:dd:23:b8:97:44:74:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=374e2729b17369890a1512f643cd08e4ba2ff414
        Validity
            Not Before: Jun  9 19:14:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4f94ca8e50312208b9b1d798a1e9cb6a1ec69e56
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:56:94:77:aa:67:57:94:bd:45:77:c5:29:6b:
                    6e:80:8c:ff:67:5f:ec:a2:4b:38:1e:dc:bf:cf:6f:
                    79:31:28:9f:69:c6:a7:b6:2c:e1:b5:d8:f3:fe:f1:
                    9d:54:dd:f1:9e:59:14:f9:da:3f:4b:fe:60:6c:31:
                    63:d5:b8:0e:87:1d:82:77:45:b4:fc:ba:fe:17:02:
                    09:0b:1b:04:56:be:bd:a3:2d:70:b9:a6:73:2f:11:
                    c4:18:da:74:28:fa:3c:3b:77:a3:63:20:4e:95:48:
                    3b:fe:80:3e:de:46:1a:fa:f2:b5:48:71:25:23:c9:
                    56:2c:a6:5d:64:92:95:02:fd:52:d2:f7:e7:a4:6a:
                    9f:2e:df:2c:08:5a:d6:37:c3:44:5b:0d:7b:bd:a5:
                    f5:ed:78:ee:bc:82:5b:dc:2a:e4:bd:ec:d5:f5:2c:
                    07:39:46:98:ec:51:af:ff:c5:56:00:a8:76:2c:55:
                    c2:2b:7c:61:3f:98:f5:e7:d1:13:c1:50:6d:c7:d5:
                    36:67:38:55:98:0c:b2:32:af:18:ab:ea:d8:fc:02:
                    cd:2f:32:c6:e9:c3:ff:64:1e:88:70:21:e9:f9:0d:
                    2a:5f:0e:11:cc:bf:9f:6c:f8:b4:34:12:3c:79:d3:
                    63:e2:8f:05:4d:56:ff:48:16:16:99:9f:b7:63:fb:
                    4e:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:94:CA:8E:50:31:22:08:B9:B1:D7:98:A1:E9:CB:6A:1E:C6:9E:56
            X509v3 Authority Key Identifier:
                keyid:37:4E:27:29:B1:73:69:89:0A:15:12:F6:43:CD:08:E4:BA:2F:F4:14

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N04nKbFzaYkKFRL2Q80I5Lov9BQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/952230-c262-41cc-b956-cfc46a76ec78/1/T5TKjlAxIgi5sdeYoenLah7GnlY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/952230-c262-41cc-b956-cfc46a76ec78/1/N04nKbFzaYkKFRL2Q80I5Lov9BQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.243.90.0/24
                  178.20.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:45:d1:43:de:c3:a0:ff:5c:42:ff:78:78:a0:5a:9e:e0:a9:
         28:ac:cf:0a:79:e5:4c:dd:04:6d:91:de:95:0a:70:22:ba:ea:
         83:a0:c8:50:7a:50:d1:f9:de:27:c3:72:0c:fd:1a:e0:e7:f1:
         da:0a:31:6e:4c:ca:4c:06:7c:54:d8:27:e1:7f:e8:eb:be:f4:
         31:82:69:fd:38:48:40:b8:d2:ee:fe:48:dd:32:0a:82:ee:7d:
         36:ed:6a:11:91:10:ca:00:cf:17:36:53:90:42:66:90:8e:6f:
         d2:e1:4b:35:7e:fa:35:59:75:dc:dc:87:14:69:93:01:31:05:
         18:5b:06:cb:ec:c9:12:27:64:d1:a9:a0:bb:43:a4:29:52:d1:
         ce:5e:83:95:f5:0d:bb:5c:24:d5:e6:2f:de:45:3f:7c:f5:3b:
         ea:8c:3b:21:74:cf:e9:6b:9a:81:88:01:e4:2d:19:35:23:81:
         17:66:3a:79:4d:a6:f5:8f:44:bf:cc:a1:34:20:6b:c1:78:9d:
         5f:73:49:a1:16:45:90:d3:88:19:77:21:d7:40:38:45:f7:6c:
         78:4f:e6:4a:45:6f:fa:90:06:c4:68:93:0e:85:2d:32:53:5b:
         d6:f6:04:b2:7a:43:17:3b:ca:a7:ea:ee:cf:2c:8e:d3:8f:4c:
         92:40:88:66
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ6tzn6uo4N0YOfdI7iXRHS6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3NGUyNzI5YjE3MzY5ODkwYTE1MTJmNjQzY2QwOGU0YmEy
ZmY0MTQwHhcNMjYwNjA5MTkxNDExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Zjk0Y2E4ZTUwMzEyMjA4YjliMWQ3OThhMWU5Y2I2YTFlYzY5ZTU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmFaUd6pnV5S9RXfFKWtugIz/Z1/s
oks4Hty/z295MSifacantizhtdjz/vGdVN3xnlkU+do/S/5gbDFj1bgOhx2Cd0W0
/Lr+FwIJCxsEVr69oy1wuaZzLxHEGNp0KPo8O3ejYyBOlUg7/oA+3kYa+vK1SHEl
I8lWLKZdZJKVAv1S0vfnpGqfLt8sCFrWN8NEWw17vaX17XjuvIJb3CrkvezV9SwH
OUaY7FGv/8VWAKh2LFXCK3xhP5j159ETwVBtx9U2ZzhVmAyyMq8Yq+rY/ALNLzLG
6cP/ZB6IcCHp+Q0qXw4RzL+fbPi0NBI8edNj4o8FTVb/SBYWmZ+3Y/tOUQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFE+Uyo5QMSIIubHXmKHpy2oexp5WMB8GA1UdIwQY
MBaAFDdOJymxc2mJChUS9kPNCOS6L/QUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTjA0bktiRnphWWtLRlJMMlE4MEk1TG92OUJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC85NTIyMzAtYzI2Mi00MWNjLWI5NTYt
Y2ZjNDZhNzZlYzc4LzEvVDVUS2psQXhJZ2k1c2RlWW9lbkxhaDdHbmxZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC85NTIyMzAtYzI2Mi00MWNjLWI5NTYtY2ZjNDZhNzZlYzc4
LzEvTjA0bktiRnphWWtLRlJMMlE4MEk1TG92OUJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATfNaAwQA
shTXMA0GCSqGSIb3DQEBCwUAA4IBAQBfRdFD3sOg/1xC/3h4oFqe4KkorM8KeeVM
3QRtkd6VCnAiuuqDoMhQelDR+d4nw3IM/Rrg5/HaCjFuTMpMBnxU2Cfhf+jrvvQx
gmn9OEhAuNLu/kjdMgqC7n027WoRkRDKAM8XNlOQQmaQjm/S4Us1fvo1WXXc3IcU
aZMBMQUYWwbL7MkSJ2TRqaC7Q6QpUtHOXoOV9Q27XCTV5i/eRT989TvqjDshdM/p
a5qBiAHkLRk1I4EXZjp5Tab1j0S/zKE0IGvBeJ1fc0mhFkWQ04gZdyHXQDhF92x4
T+ZKRW/6kAbEaJMOhS0yU1vW9gSyekMXO8qn6u7PLI7Tj0ySQIhm
-----END CERTIFICATE-----